CODEWITHSUNDEEP
javaoracle-databaseencryption
Mr. Shiny and New 安宇
Mr. Shiny and New 安宇

Reputation: 13908

Duplicate Oracle DES encrypting in Java

I recently asked a question about Oracle Encryption. Along the way to finding a solution for myself I decided to move the encryption (well, obfuscation) to the application side for certain tasks.

My problem is that the database is already encrypting data a certain way and I need Java code to duplicate that functionality, so that text encrypted by one system can be decrypted by the other and vice versa.

I want the encryption to be compatible with what the DB was already doing but couldn't find the documentation that describes exactly what Oracle is doing. How do I replicate this in Java?

dbms_obfuscation_toolkit.DESEncrypt(
  input_string => v_string,
  key_string => key_string,
  encrypted_string => encrypted_string );
RETURN UTL_RAW.CAST_TO_RAW(encrypted_string);

No matter what I try, it seems as if the Java DES encryption is different than Oracle's.

Upvotes: 1

Views: 2321

Answers (2)

cagcowboy
cagcowboy

Reputation: 30848

Using Java in the database would have been another approach that would (should!) have guarenteed that the code (and hence results) would be identical.

Upvotes: 0

Mr. Shiny and New 安宇
Mr. Shiny and New 安宇

Reputation: 13908

I found this works:

KeySpec ks = new DESKeySpec(new byte[] {'s','e','c','r','e','t','!','!'});
SecretKeyFactory skf = SecretKeyFactory.getInstance("DES");
SecretKey sk = skf.generateSecret(ks);
Cipher c = Cipher.getInstance("DES/CBC/NoPadding");
IvParameterSpec ips = new IvParameterSpec(new byte[] {0,0,0,0,0,0,0,0});
c.init(Cipher.ENCRYPT, sk, ips);
// or
c.init(Cipher.DECRYPT, sk, ips);

The missing piece was the Initialization Vector (ips) which must be 8 zeros. When you use null in Java you get something different.

Upvotes: 2

Related Questions